-
ckitagawa authored
The fuzzer found a pathological case when the section size is 0 but the offset is outside of image. This resulted in header parsing skipping the section since the size was 0; however, later processing creates a region of size 0 that is outside the image causing checks to fail. The solution here is to check if the offset is outside the image and the size is 0. This suggests that the data is ill formed and we should reject the image entirely. Bug: 1019271 Change-Id: If47d099aa4f919b097d4e15804048eaf64a59201 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1903886Reviewed-by:
Etienne Pierre-Doray <etiennep@chromium.org> Commit-Queue: Calder Kitagawa <ckitagawa@chromium.org> Cr-Commit-Position: refs/heads/master@{#713572}
74eb15ee
